| draft-ietf-isis-remaining-lifetime-01.txt | draft-ietf-isis-remaining-lifetime-02.txt |
|---|---|
| Networking Working Group L. Ginsberg | Networking Working Group L. Ginsberg |
| Internet-Draft P. Wells | Internet-Draft P. Wells |
| Intended status: Standards Track S. Previdi | Intended status: Standards Track Cisco Systems |
| Expires: November 2, 2016 Cisco Systems | Expires: February 4, 2017 B. Decraene |
| B. Decraene | |
| Orange | Orange |
| T. Przygienda | T. Przygienda |
| Juniper | Juniper |
| H. Gredler | H. Gredler |
| Private Contributor | Private Contributor |
| May 01, 2016 | August 03, 2016 |
| IS-IS Minimum Remaining Lifetime | IS-IS Minimum Remaining Lifetime |
| draft-ietf-isis-remaining-lifetime-01.txt | draft-ietf-isis-remaining-lifetime-02.txt |
| Abstract | Abstract |
| Corruption of the Remaining Lifetime Field in a Link State PDU can | Corruption of the Remaining Lifetime Field in a Link State PDU can |
| go undetected. In certain scenarios this may cause or exacerbate | go undetected. In certain scenarios this may cause or exacerbate |
| flooding storms. It is also a possible denial of service attack | flooding storms. It is also a possible denial of service attack |
| vector. This document defines a backwards compatible solution to | vector. This document defines a backwards compatible solution to |
| this problem. | this problem. |
| Requirements Language | Requirements Language |
| skipping to change at page 1, line 47 | skipping to change at page 1, line 46 |
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering |
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute |
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- |
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months |
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any |
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference |
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on November 2, 2016. | This Internet-Draft will expire on February 4, 2017. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the |
| document authors. All rights reserved. | document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal |
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents |
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of |
| publication of this document. Please review these documents | publication of this document. Please review these documents |
| skipping to change at page 2, line 29 | skipping to change at page 2, line 29 |
| Table of Contents | Table of Contents |
| 1. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 2 |
| 2. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Solution . . . . . . . . . . . . . . . . . . . . . . . . . . 3 |
| 3. Deployment Considerations . . . . . . . . . . . . . . . . . . 5 | 3. Deployment Considerations . . . . . . . . . . . . . . . . . . 5 |
| 3.1. Inconsistent Values for MaxAge . . . . . . . . . . . . . 5 | 3.1. Inconsistent Values for MaxAge . . . . . . . . . . . . . 5 |
| 3.2. Reporting Corrupted Lifetime . . . . . . . . . . . . . . 5 | 3.2. Reporting Corrupted Lifetime . . . . . . . . . . . . . . 5 |
| 3.3. Impact of Delayed LSP Purging . . . . . . . . . . . . . . 6 | 3.3. Impact of Delayed LSP Purging . . . . . . . . . . . . . . 6 |
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 |
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 6 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 |
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 | 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 |
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 7 |
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 |
| 7.2. Informational References . . . . . . . . . . . . . . . . 7 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 |
| | 8.2. Informational References . . . . . . . . . . . . . . . . 8 |
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 |
| 1. Problem Statement | 1. Problem Statement |
| Each Link State PDU (LSP) includes a Remaining Lifetime field. This | Each Link State PDU (LSP) includes a Remaining Lifetime field. This |
| field is set by the originator based on local configuration and then | field is set by the originator based on local configuration and then |
| decremented by all systems once the entry is stored in their Link | decremented by all systems once the entry is stored in their Link |
| State PDU Database (LSPDB) consistent with the passing of time. This | State PDU Database (LSPDB) consistent with the passing of time. This |
| allows all Intermediate Systems (ISs) to age out the LSP at | allows all Intermediate Systems (ISs) to age out the LSP at |
| approximately the same time. | approximately the same time. |
| skipping to change at page 7, line 12 | skipping to change at page 7, line 20 |
| introduced. A "man-in-the-middle" attack which modifies an existing | introduced. A "man-in-the-middle" attack which modifies an existing |
| LSP by changing the Remaining Lifetime to a small value can cause | LSP by changing the Remaining Lifetime to a small value can cause |
| premature purges even in the presence of cryptographic | premature purges even in the presence of cryptographic |
| authentication. The mechanisms defined in this document prevent such | authentication. The mechanisms defined in this document prevent such |
| an attack from being effective. | an attack from being effective. |
| 6. Acknowledgements | 6. Acknowledgements |
| The problem statement in [LIFE-PROB] motivated this work. | The problem statement in [LIFE-PROB] motivated this work. |
| 7. References | 7. Contributors |
| 7.1. Normative References | The following people gave a substantial contribution to the content |
| | of this document and should be considered as co-authors: |
| | Stefano Previdi |
| | Cisco Systems |
| | Email: sprevidi@cisco.com |
| | 8. References |
| | 8.1. Normative References |
| [ISO10589] | [ISO10589] |
| International Organization for Standardization, | International Organization for Standardization, |
| "Intermediate system to Intermediate system intra-domain | "Intermediate system to Intermediate system intra-domain |
| routeing information exchange protocol for use in | routeing information exchange protocol for use in |
| conjunction with the protocol for providing the | conjunction with the protocol for providing the |
| connectionless-mode Network Service (ISO 8473)", ISO/ | connectionless-mode Network Service (ISO 8473)", ISO/ |
| IEC 10589:2002, Second Edition, Nov 2002. | IEC 10589:2002, Second Edition, Nov 2002. |
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate |
| skipping to change at page 7, line 38 | skipping to change at page 8, line 10 |
| [RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic | [RFC5304] Li, T. and R. Atkinson, "IS-IS Cryptographic |
| Authentication", RFC 5304, DOI 10.17487/RFC5304, October | Authentication", RFC 5304, DOI 10.17487/RFC5304, October |
| 2008, <http://www.rfc-editor.org/info/rfc5304>. | 2008, <http://www.rfc-editor.org/info/rfc5304>. |
| [RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R., | [RFC5310] Bhatia, M., Manral, V., Li, T., Atkinson, R., White, R., |
| and M. Fanto, "IS-IS Generic Cryptographic | and M. Fanto, "IS-IS Generic Cryptographic |
| Authentication", RFC 5310, DOI 10.17487/RFC5310, February | Authentication", RFC 5310, DOI 10.17487/RFC5310, February |
| 2009, <http://www.rfc-editor.org/info/rfc5310>. | 2009, <http://www.rfc-editor.org/info/rfc5310>. |
| 7.2. Informational References | 8.2. Informational References |
| [LIFE-PROB] | [LIFE-PROB] |
| "IS-IS LSP lifetime corruption - Problem Statement, draft- | "IS-IS LSP lifetime corruption - Problem Statement, draft- |
| decraene-isis-lsp-lifetime-problem-statement-01 (work in | decraene-isis-lsp-lifetime-problem-statement-02 (work in |
| progress)", January 2016. | progress)", July 2016. |
| [RFC3719] Parker, J., Ed., "Recommendations for Interoperable | [RFC3719] Parker, J., Ed., "Recommendations for Interoperable |
| Networks using Intermediate System to Intermediate System | Networks using Intermediate System to Intermediate System |
| (IS-IS)", RFC 3719, DOI 10.17487/RFC3719, February 2004, | (IS-IS)", RFC 3719, DOI 10.17487/RFC3719, February 2004, |
| <http://www.rfc-editor.org/info/rfc3719>. | <http://www.rfc-editor.org/info/rfc3719>. |
| Authors' Addresses | Authors' Addresses |
| Les Ginsberg | Les Ginsberg |
| Cisco Systems | Cisco Systems |
| skipping to change at page 8, line 23 | skipping to change at page 8, line 40 |
| Email: ginsberg@cisco.com | Email: ginsberg@cisco.com |
| Paul Wells | Paul Wells |
| Cisco Systems | Cisco Systems |
| 170 W Tasman Dr | 170 W Tasman Dr |
| San Jose, Ca 95035 | San Jose, Ca 95035 |
| USA | USA |
| Email: pauwells@cisco.com | Email: pauwells@cisco.com |
| Stefano Previdi | |
| Cisco Systems | |
| Via Del Serafico 200 | |
| Rome 0144 | |
| Italy | |
| Email: sprevidi@cisco.com | |
| Bruno Decraene | Bruno Decraene |
| Orange | Orange |
| 38 rue du General Leclerc | 38 rue du General Leclerc |
| Issy Moulineaux cedex 9 92794 | Issy Moulineaux cedex 9 92794 |
| France | France |
| Email: bruno.decraene@orange.com | Email: bruno.decraene@orange.com |
| Tony Przygienda | Tony Przygienda |
| Juniper | Juniper |
| 1137 Innovation Way | 1137 Innovation Way |
| Sunnyvale, Ca 94089 | Sunnyvale, Ca 94089 |
| USA | USA |
| Email: prz@juniper.net | Email: prz@juniper.net |
| Hannes Gredler | Hannes Gredler |
| Private Contributor | Private Contributor |
| Email: hannes@gredler.at | Email: hannes@gredler.at |
| End of changes. 13 change blocks. | |
| 24 lines changed or deleted | 26 lines changed or added |
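As an added illustration of the Problem Statement and the Security Considerations above (example code, not part of the draft): the Remaining Lifetime is zeroed before the RFC 5304/5310 HMAC is computed, so a copy whose lifetime was rewritten in transit still authenticates and a legacy receiver ages it out early, while the hardened receiver installs any non-purge LSP with its local MaxAge, which is my reading of the solution section not reproduced on this page (the draft was later published as RFC 7987). The LSP layout, key, LSP ID and timings are constructed and are not real IS-IS encoding.

```python
import hashlib
import hmac

MAXAGE = 1200                    # ISO 10589 default MaxAge, in seconds
KEY = b"constructed-shared-key"  # constructed sample key for the HMAC

def lsp_digest(lsp_id, seqno, payload):
    # RFC 5304/5310 zero the Remaining Lifetime and checksum before the
    # HMAC is computed, so the authentication never covers the lifetime.
    msg = lsp_id + seqno.to_bytes(4, "big") + b"\x00\x00" + payload
    return hmac.new(KEY, msg, hashlib.sha256).digest()

def make_lsp(lsp_id, seqno, lifetime, payload):
    return {"id": lsp_id, "seq": seqno, "lifetime": lifetime,
            "payload": payload, "auth": lsp_digest(lsp_id, seqno, payload)}

def authenticates(lsp):
    expected = lsp_digest(lsp["id"], lsp["seq"], lsp["payload"])
    return hmac.compare_digest(lsp["auth"], expected)

def install(lspdb, lsp, now, minimum_lifetime):
    # Store a received LSP and return the lifetime actually used.
    # Legacy ISO 10589 behaviour trusts the received Remaining Lifetime;
    # with minimum_lifetime=True a non-purge LSP is stored with the local
    # MaxAge instead, and only a purge (Remaining Lifetime 0) keeps its value.
    if not authenticates(lsp):
        raise ValueError("LSP failed authentication")
    lifetime = lsp["lifetime"]
    if minimum_lifetime and lifetime != 0:
        if lifetime < MAXAGE:   # a candidate for the reporting in section 3.2
            print("lifetime %d below MaxAge, storing MaxAge" % lifetime)
        lifetime = MAXAGE
    lspdb[lsp["id"]] = {"seq": lsp["seq"], "expires": now + lifetime}
    return lifetime

def remaining(lspdb, lsp_id, now):
    # Each IS decrements the stored lifetime with the passing of time.
    return max(0, lspdb[lsp_id]["expires"] - now)

# Constructed scenario: a 1200 s LSP and an in-transit copy whose Remaining
# Lifetime was rewritten to 5 s. The copy still passes authentication.
ORIGINAL = make_lsp(b"\x00\x00\x00\x00\x00\x01\x00\x00", 7, MAXAGE, b"TLVs")
TAMPERED = dict(ORIGINAL, lifetime=5)

def compare(now=0, later=10):
    legacy, hardened = {}, {}
    install(legacy, TAMPERED, now, minimum_lifetime=False)
    install(hardened, TAMPERED, now, minimum_lifetime=True)
    return (remaining(legacy, TAMPERED["id"], later),
            remaining(hardened, TAMPERED["id"], later))
```

Ten seconds after installation the legacy LSPDB has already aged the LSP out while the hardened one still holds it for 1190 s; a copy with a modified sequence number, by contrast, fails authentication on both.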
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||